Ecommerce fraud prevention: a $20 billion problem

First published on May 3, 2022

 

11 minute read

Felicia Kuan

Growth

TLDR

5 ways to use machine learning (ML) to battle “Nigerian princes,” hackers, and customers abusing chargeback requests in order to reduce your business’ unnecessary losses.

Outline

  • Why every business should care about fraud

  • 2 types of hacking to obtain personal information

  • 3 types of friendly fraud

  • Why is ML effective against ecommerce fraud detection?

Why every business should care about fraud

While e-commerce is a rapidly expanding industry that enables customers to order any goods, it carries a growing threat of online fraud. In 2021, the global e-commerce industry incurred 

$20 billion

in losses to fraud– 14% increase from the previous year!

This is the consequence of the concept, “The customer is always right.” Credit card providers hold businesses completely responsible for fraudulent transactions, forcing them to refund customers for the loss. If the fraud was not detected quickly enough, businesses will have already shipped the product to the fraudster, costing the merchant overhead costs in addition to losing the product. In fact, in 2021, LexisNexis estimated that merchants 

lost $3.60 for every $1 of fraud

By learning about the various ways businesses are scammed out of revenue, we can think of ways to prevent fraud and ensure your website is trusted by customers. 

We’ll be discussing a non-exhaustive list of 5 ways criminals and everyday people commit fraud, with the security best practices. The first 2 are types of fraud we usually hear about: hackers stealing users’ credit card information, personal information, and addresses to make fraudulent purchases. The last 3 are frauds conducted by everyday customers, and since the reasons for doing so are varied, it’s much more difficult to detect and resolve.

2 types of hacking to obtain personal information

With the rise of e-commerce in the mid 1990s, malicious parties can exploit the rudimentary digital fraud detection infrastructures that are not up to standard. In addition, customers are less willing to shop on untrustworthy or insecure sites, according to a Shopify article, which shared that almost 

61%

of shoppers didn’t purchase because trust logos were missing. 

Thus, it’s the e-commerce business’ sole responsibility to implement efficient fraud detection systems to protect their revenue and maintain their customers’ trust.

As mentioned above, merchants are held responsible for refunding instances of fraud, even if a user’s weak password allows for a hacker to breach the payment account (like Square or Cashapp). In addition, digital stores don’t have the credit card protection that physical card readers have that use the EMV (Europay, Mastercard, and Visa) standard to protect against fraud. It makes it super easy for fraudsters to use stolen credit card numbers online.

The first layer of security is using an address verification system (AVS) to require a billing address. Requiring an added verification step blocks criminals from using a credit card without knowing the zip code associated with the card.

But what happens when the payment account is hacked, all of the information, including zip code and credit card number, is compromised? Most of these payment apps enable 2-factor verification to ensure the owner of the cell phone made the purchase, but this feature can be disabled within the app.

Using machine learning (ML) adds more layers to prevent the use of stolen credit cards.

  • Check IP address

    : Some criminals have a whole arsenal of stolen credit cards and payment app logins. Suspicious activity can be detected by ML when frequent IP bouncing, VPN usage, or when multiple orders using different payment methods are placed using the same IP address.

  • Check order history

    : It’s suspicious if, compared to the account history, your regular customer makes an exorbitant purchase.

  • Discover irregularities in payments

    : The added perk of using third-party payment apps, such as Paypal, Google Pay, or Amazon Pay, allows your business to 

    leverage the data and insights

    about fraud experienced by all the customers in their network. With this, you can take preventive measures when fraudsters start using a new method of scamming.

It’s quite the red flag if a user enters a credit card number or CVV incorrectly at checkout. You can use real-time tracking using big data or ML to identify and 

ban the IP address

of this nefarious user, but what if they’ve already tried testing on other online websites and succeeded? 

How do you protect against criminals with the stolen credit card numbers attempting to make purchases on your e-commerce website?

The solution is mostly the same as the situation above, with these extra layers of security:

  • Geolocation

    : The location of your customer is unusual compared to previous places– like in another state or country when travel hasn’t been reported to the credit card company.

  • Different delivery addresses

    : Someone makes multiple purchases from one account at once, but ships the items to different locations, likely because these are the fraudster’s various “warehouses.”

3 types of friendly fraud

The next 3 types of fraud are nuanced because they are caused by human misunderstanding, error, or laziness. The ways of solving these depends on how you foster a relationship and sense of trust with your customers as a business.

For context, chargeback is a demand by a credit card provider for a merchant to refund the loss on a fraudulent or disputed transaction. However, this means of consumer protection is widely exploited in the e-commerce space and has become a method for cardholders to 

commit fraud

(sometimes unintentionally) against merchants. This can be in the form of unintentionally requesting chargeback because the customer forgot they made the transaction (an example of friendly fraud) or deliberately abusing chargeback to obtain the product for free (cyber shoplifting).

We’d like to distinguish intentional chargeback from unintentional “

friendly fraud

.” Often, these customers don’t even realize they’re committing fraud and hurting the business when they:

  • Forgot they made a charge or are confused by the description when they’re paying the bill, so they dispute the transaction.

  • Small children can make in-app purchases these days, and adult family members who don’t know what they are, dispute the transaction. This is known as 

    family fraud

    , and in 2017, Amazon refunded 

    $70 million of unauthorized in-app purchases by children

  • Less tech-savvy people who don’t understand online shopping confuse filing chargebacks through the bank with making a return or refund directly through the merchant.

  • When a refund is delayed, customers may panic and think they’ve been scammed, so they contact the bank to file a dispute.

Unfortunately, these human errors amount to enormous costs that merchants alone must shoulder. As Invespcro reported in 2016, 

71%

of chargeback loss incurred by businesses was friendly fraud. It’s a real pain because 

40%

of people who mistakenly request chargebacks will do it again within 60 days. 

The best way to avoid chargebacks is the human factor: having your employees leverage ML tools to give customers 

optimized customer service

. Step back and rethink how you’d integrate chargeback and fraud prevention tips in your customer service strategy. Your new plan should minimize inconveniences for customers so they wouldn’t resort to filing chargebacks, such as:

  • Process time-sensitive tasks first

    – these include billing, shipping, and refunding– because these delays often make customers request chargebacks in a panic.

  • Stay in touch with the customer

    using automated post checkout notifications and follow-up emails. These are great opportunities to ask for customer feedback, which opens up a space for customers to share their problems with you, if any. Additionally, if the volume of feedback is too large, you can use sentiment analysis to determine whether their feedback is positive, negative or neutral. You can automatically identify and remind belligerent customers of your shop’s fast and easy return policy.

Similar to the example above, 

cyber shoplifting

occurs when a user makes a large purchase outside of their house’s IP address, receives the shipped package, and intentionally calls their credit card company to report the “fraudulent” transaction. 

Although it’s difficult to identify these shoplifters outright because their behavior mirrors that of a regular customer using their own credit cards at home. After repeated offenses (since 

40%

of those who file chargeback are likely to do it again within 2 months), we can identify these bad actors using a 

fraud scoring system

and choose to reject orders using that account, IP address, and credit card. Also, using robust fraud scoring tools that employ ML logic means more accurate identification of fraud and fewer false declines.

This method also keeps out customers who have repeatedly abused chargeback without knowing it’s fraud, such as those:

  • Experiencing buyer’s remorse: regret a purchase but are anti-confrontational and would rather talk to their credit card company than request a refund from the merchant

  • Are lazy to return the item, and thinks that a chargeback would be faster

  • Disputing the merchant of a subscription service, asserting that they were scammed by an unclear cancellation policy.

Although these are prospective customers, the costs of their chargeback abuse simply outweigh the profits from selling to them, as it’s estimated that e-commerce businesses pay at least 

$2 for every $1 of this fraudulent behavior

.

You could be giving away a free item, discount, or reduced subscription plan in order to interest new users in your e-commerce business. In addition, you can incentivize your users to invite their friends to shop at your e-commerce business by offering a referral bonus. However, criminals and regular people alike can take advantage of your special promotion by making multiple fake accounts, and this is known as referral fraud.

Machine learning models are quick to notice 

these trends

that expose those taking advantage of your giveaway:

  • Identifying that the referral sender and receiver email are similar

  • Sender and receiver have the same IP address or cookie session

  • Multiple sign-ups from the same device (identified by its unique device ID)

Why is ML effective against ecommerce fraud detection?

The benefits of using machine learning (ML) to combat fraud are:

  • Real-time data processing that allows us to act on a fraudulent transaction, sometimes before it even happens.

  • Detecting hidden patterns and deviations in human behavior is easier with a ML-based system because it’s constantly learning without a bias. With every newly discovered threat, an ML system improves at detecting fraud and preventing them.

  • Using a single fraud detection tool that can leverage large amounts of data is much cheaper than hiring a large team of analysts.

  • Automated, yet secure, verification can speed up the payment process for customers. Since it operates on defined rules, there is no possibility of verification error that human employees might make. 

E-commerce businesses simply don’t have the capacity to invest in the newest technology every year. 

Mage

is an AI tool with a hyper-responsive team of engineers who will assist you with tackling these fraud detection challenges and integrating solutions in the e-commerce landscape in 2022. Below is a list of use cases and ways we thought about helping businesses like yours grow using machine learning.

Start building for free

No need for a credit card to get started.
Trying out Mage to build ranking models won’t cost a cent.

No need for a credit card to get started. Trying out Mage to build ranking models won’t cost a cent.